<?php
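/**
 * Base controller for the admin back end.
 *
 * The constructor gates every request: it requires a Token request header,
 * a logged-in session ($_SESSION['client']) and a passing permission check
 * for the controller/action being requested.
 */
class admin extends Controller{

    /**
     * Reject the request unless it carries a token header, has a live
     * session and the current client is allowed to run this action.
     *
     * NOTE(review): these checks only protect anything if ajaxReturn() ends
     * the request; its definition is not visible here - confirm it exits.
     * NOTE(review): only the presence of the Token header is checked in this
     * class; its value is not compared with anything here - confirm it is
     * validated elsewhere.
     */
    public function __construct(){
        // empty() already covers "header missing". The former
        // `!isset(...) && empty(...)` test was true only when the header was
        // absent, so a present-but-empty Token header was accepted.
        if(empty($_SERVER['HTTP_TOKEN'])) $this->ajaxReturn(array('status'=>0,'info'=>'非法请求'));

        // No client in the session means the login has expired.
        if(empty($_SESSION['client'])) {
            $this->ajaxReturn(array('status'=>-1,'info'=>'会话已过期,请重新登录'));
        }

        if(!$this->check_auth()) $this->ajaxReturn(array('status'=>0,'info'=>'您没有操作权限'));
    }

    /**
     * Decide whether the logged-in client may run the current action.
     *
     * @return bool true when access is allowed, false otherwise
     */
    private function check_auth(){
        $client=$_SESSION['client'];

        // Super administrators (parentid 0) skip the per-action check.
        // The comparison is deliberately strict: with a loose `== 0`, a
        // missing, null or empty parentid would also count as super admin.
        if(isset($client['parentid'])&&is_scalar($client['parentid'])&&(string)$client['parentid']==='0') return true;

        // The controller and action names are concatenated into the SQL
        // below, so only plain identifiers are let through; anything else is
        // denied rather than sent to the database.
        // NOTE(review): presumably C_NAME/A_NAME come from the request route -
        // confirm. If db() supports bound parameters, prefer them here.
        $controller=C_NAME;
        $method=A_NAME;
        $identifier='/^[A-Za-z0-9_]+$/D';
        if(!is_string($controller)||!is_string($method)) return false;
        if(!preg_match($identifier,$controller)||!preg_match($identifier,$method)) return false;

        $auth_node_id=db()->getOne('select id from x_menu where controller="'.$controller.'" and method="'.$method.'"');

        // Actions that are not registered in x_menu are allowed by default.
        // NOTE(review): this is default-allow - any new action is open to
        // every logged-in client until a menu row is added for it.
        if(!$auth_node_id) return true;

        if(empty($client['auth_node'])) return false;

        // auth_node is a comma-separated id list; wrapping both sides in
        // commas makes the match whole-id only (so 1 does not match 12).
        return strpos(','.$client['auth_node'].',',','.$auth_node_id.',')!==false;
    }

}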